App Modernization with Istio Using Mixer to Apply Policies

App Modernization with Istio Using Mixer to Apply Policies

1 hour 30 minutes7 Credits

GSP450

Introduction

Istio is an open source framework for connecting, securing, and managing microservices. It can be used with any service, including but not limited to services that are hosted in a Kubernetes cluster. Istio lets you create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, without requiring any changes in service code.

Istio support is added to services by deploying a special Envoy sidecar proxy to each of your application's pods in your environment. "Sidecar" means that it gets deployed alongside your application. Your application interacts with the outside world, both ingress and egress, through the Envoy Proxy. Developers of applications can take advantage of the communication and networking enhancements provided by Envoy - like client-side load balancing, circuit breakers, logging, mTLS, etc. - without additional coding and without finding the libraries in the language of choice.

Here's an example: In reliable distributed systems, it's common for a system to want to retry a request after a failure, possibly with an exponential backoff delay. There are libraries for Java and Golang and Node.js that do this. However, employing them within the app means each app will need to solve that problem independently. The Istio sidecar could do this for the app automatically. No need to embed the Hystrix library into your app!

Due to the proximity of the sidecar to the application, there's no significant latency when communicating between them; in some cases no network stack at all. (Read more on this.)

Apigee enables you to create APIs and share them with other developers who might be part of your organization, external to your organization, or even unknown to you. API teams using Apigee achieve this by combining APIs into "API Products" that offer different capabilities and levels of service. Apigee enables you to control who consumes each API product and how much is consumed.

The Apigee Istio Mixer adapter lets you use Apigee to manage APIs for services exposed outside the Istio service mesh or between services running entirely within the mesh. With the adapter, you can employ Apigee API management features to services running in an Istio service mesh, such as:

API discovery and documentation

Self-service API adoption

Usage analytics

Monetization

In addition, there are certain capabilities that you do not want to build for every service that you create and deploy to a service mesh. The adapter provides some of these capabilities, including security, caching, and quota enforcement. More information on the Apigee Istio adapter is here